On Thu, May 16, 2013 at 11:18 AM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 16/05/13 15:45, Sergii Bieliaievskyi wrote:



2013/5/16 Phil Mayers <p.mayers@imperial.ac.uk
<mailto:p.mayers@imperial.ac.uk>>


    No.

    MPPE requires encryption keys. These can be generated by whatever
    auth method.

    If you use plain MSCHAP, MSCHAP generates them.


Can you provide more information how can i do that? Or where can i read
about that?

I apologise - I misunderstood what you were doing.

If you're using plain MSCHAP for PPTP and want to combine this with OTP, it's probably impossible.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hmm.  I did a test integration with our two-factor authentication server and poptop: http://www.howtoforge.com/security-issues-and-poptop-pptp. It worked, but I agree that PPTP is beyond busted.  OpenVPN is a much better choice.  It is also super simple to integrate via PAM: http://www.wikidsystems.com/support/wikid-support-center/how-to/using-wikid-strong-authentication-with-openvpn.

Those examples use our Enterprise edition which supports radius (via a 3rd party, licensed module).  I would love it if someone would do a freeradius module using our API: http://www.wikidsystems.com/downloads/network-clients.  We have a python package.

nick